Souci antispyware

fromelh -  
cgui33 Messages postés 1176 Statut Membre -
Bonjour,
je suis de retour avec le meme genre de probleme que dans ce post (http://www.commentcamarche.net/forum/affich 5273193 trojandownloader xs a l aide#2008 03 02%2016%3A03%3A00)
pazs d'écran bleu, mais des performancs tres ralenties, un acces a certains sites impossible, windows qui me dmeande d'activer les mises a jour automatiques alors qu'elles le sont déjà, etc. et surtout des fenetres internet me conseillant d'installer un antispyware.

mon rapport hijack this
merci d'avance de m'aider de nouveau.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:34:17, on 26/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\USB Storage RW\shwicon.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
G:\Mes Documents 2\logiciels\utorrent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.9online.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KYE_Showicon] "C:\Program Files\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [BM036b3e8d] Rundll32.exe "C:\WINDOWS\system32\cxvuawrj.dll",s
O4 - HKLM\..\Run: [00580d11] rundll32.exe "C:\WINDOWS\system32\ttpxxueo.dll",b
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - ?p=ZJfox000
O8 - Extra context menu item: &Télécharger avec NetTransport - G:\Program Files\NetTransport\NTAddLink.html
O8 - Extra context menu item: Tout t&élécharger avec NetTransport - G:\Program Files\NetTransport\NTAddList.html
O8 - Extra context menu item: Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: www.yeak.net
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab30149.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E15111B0-95AE-4C05-B91F-F4564057990C} (MovieSystem WAY) - http://servicesv4.moviesystem.com/cabs/msway.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

--
End of file - 8724 bytes
Configuration: Windows XP
Firefox 2.0.0.14

13 réponses

  1. cgui33 Messages postés 1176 Statut Membre 10
     
    Salut

    Télécharge combofix sur ton Bureau
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    IMPORTANT

    désactive ton antivirus, durant l'utilisation de ComboFix . Merci. Tu réactives ensuite
    puis

    Double clique combofix.exe.
    Tape sur la touche Y (Yes) pour démarrer le scan.
    Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse
    NOTE : Le rapport se trouve également ici : C:\Combofix.txt

    A+
    0
  2. fromelh
     
    ComboFix 08-05-25.5 - Propriétaire 2008-05-26 20:52:48.2 - NTFSx86
    Endroit: G:\Downloads\ComboFix.exe
    * Création d'un nouveau point de restauration

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\BM036b3e8d.xml
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\aaasnllh.ini
    C:\WINDOWS\system32\aijwhcci.ini
    C:\WINDOWS\system32\cwvfnbse.exe
    C:\WINDOWS\system32\iljqlyea.exe
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\mlJDttqn.dll
    C:\WINDOWS\system32\nqttDJlm.ini
    C:\WINDOWS\system32\nqttDJlm.ini2
    C:\WINDOWS\system32\oeuxxptt.ini
    C:\WINDOWS\system32\winfrun32.bin

    .
    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-26 to 2008-05-26 ))))))))))))))))))))))))))))))))))))
    .

    2008-05-26 20:23 . 2008-05-26 20:23 116,736 --a------ C:\WINDOWS\system32\ttpxxueo.dll
    2008-05-26 20:15 . 2008-05-26 20:15 134,144 --a------ C:\WINDOWS\system32\snbmwiir.dll
    2008-05-26 20:13 . 2008-05-26 20:13 124,928 --a------ C:\WINDOWS\system32\cxvuawrj.dll
    2008-05-25 20:22 . 2008-05-25 20:22 136,704 --a------ C:\WINDOWS\system32\qywdrkxo.dll
    2008-05-25 20:13 . 2008-05-25 20:13 125,440 --a------ C:\WINDOWS\system32\jctfswlm.dll
    2008-05-25 08:05 . 2008-05-25 08:05 58,368 --a------ C:\WINDOWS\system32\efcDustr.dll
    2008-05-18 12:51 . 2008-05-18 12:51 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-05-18 12:51 . 2008-05-18 12:51 1,409 --a------ C:\WINDOWS\QTFont.for

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-26 18:31 --------- d-----w C:\Program Files\Mozilla Thunderbird
    2008-05-26 17:51 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
    2008-05-26 02:56 --------- d-----w C:\Program Files\eMule
    2008-04-20 21:45 --------- d-----w C:\Program Files\TVAnts
    2008-04-20 21:43 --------- d-----w C:\Program Files\SopCast
    2008-04-19 11:16 --------- d-----w C:\Program Files\FlashGet
    2008-04-17 21:00 --------- d-----w C:\Program Files\MSXML 4.0
    2008-04-17 11:27 --------- d-----w C:\Program Files\NeroInstall.bak
    2008-04-17 11:19 --------- d-----w C:\Program Files\Fichiers communs\Nero
    2008-04-17 11:14 --------- d-----w C:\Program Files\Nero
    2008-04-17 11:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
    2008-04-17 11:03 --------- d-----w C:\Program Files\ahead
    2008-04-17 09:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
    2008-04-07 17:52 --------- d-----w C:\Program Files\AliveMedia
    2008-04-02 17:22 --------- d-----w C:\Program Files\DivX
    2008-04-02 17:09 --------- d-----w C:\Program Files\RecordNow
    2008-04-02 17:02 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-03-26 18:08 --------- d-----w C:\Program Files\QuickTime
    2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
    2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
    2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-05 15:03 479,752 ----a-w C:\WINDOWS\system32\XAudio2_0.dll
    2008-03-05 15:03 238,088 ----a-w C:\WINDOWS\system32\xactengine3_0.dll
    2008-03-05 15:00 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_3.dll
    2008-03-05 14:56 3,786,760 ----a-w C:\WINDOWS\system32\D3DX9_37.dll
    2008-03-05 14:56 1,420,824 ----a-w C:\WINDOWS\system32\D3DCompiler_37.dll
    2008-02-28 15:38 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
    2008-02-26 14:14 972,072 ----a-w C:\WINDOWS\UNRecode.exe
    2005-05-13 16:12 217,073 -csha-r C:\WINDOWS\meta4.exe
    2005-10-24 10:13 66,560 -csha-r C:\WINDOWS\MOTA113.exe
    2005-10-13 20:27 422,400 -csha-r C:\WINDOWS\x2.64.exe
    2004-06-22 19:01 32 --sha-w C:\WINDOWS\{30E27BE1-E96B-4CF4-9C1D-9D57D6FACD33}.dat
    2004-07-19 11:13 56 -csh--r C:\WINDOWS\system32\A392A3D701.sys
    2005-10-07 18:14 308,224 -csha-r C:\WINDOWS\system32\avisynth.dll
    2005-07-14 10:31 27,648 -csha-r C:\WINDOWS\system32\AVSredirect.dll
    2005-06-26 13:32 616,448 -csha-r C:\WINDOWS\system32\cygwin1.dll
    2005-06-21 20:37 45,568 -csha-r C:\WINDOWS\system32\cygz.dll
    2004-01-24 23:00 70,656 -csha-r C:\WINDOWS\system32\i420vfw.dll
    2006-04-27 08:24 2,945,024 -csha-r C:\WINDOWS\system32\Smab.dll
    2005-02-28 11:16 240,128 -csha-r C:\WINDOWS\system32\x.264.exe
    2004-01-24 23:00 70,656 --sha-r C:\WINDOWS\system32\yv12vfw.dll
    2004-06-22 19:01 32 --sha-w C:\WINDOWS\system32\{41D3EBEC-A381-4698-859E-8FE810443017}.dat
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8dec4a5a-17b5-43c7-8c6b-003747657b23}]
    2008-05-26 20:15 134144 --a------ C:\WINDOWS\system32\snbmwiir.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B6E95516-27C0-443D-9BA9-ABD8C12BAE16}]
    2008-05-25 08:05 58368 --a------ C:\WINDOWS\system32\efcDustr.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BF0DECCF-1D10-4FE4-8868-403583537513}]
    2008-05-26 21:11 371200 --a------ C:\WINDOWS\system32\opnlJAPj.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-24 11:59 68856]
    "SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2006-12-27 16:53 73840]
    "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 17:07 1828136]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WCOLOREAL"="C:\Program Files\COMPAQ\Coloreal\coloreal.exe" [2002-02-20 20:40 143360]
    "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 23:32 53248]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 22:42 212992]
    "PS2"="C:\WINDOWS\system32\ps2.exe" [2002-07-31 20:28 81920]
    "nwiz"="nwiz.exe" [2003-07-28 14:19 323584 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2003-07-28 14:19 49152]
    "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-07-28 14:19 4841472]
    "KYE_Showicon"="C:\Program Files\USB Storage RW\shwicon.exe" [2002-10-25 16:33 69632]
    "KBD"="C:\HP\KBD\KBD.EXE" [2001-07-06 21:56 61440]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04 52736]
    "HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-03 22:30 188416]
    "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2002-09-09 08:05 114688]
    "SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2006-12-27 16:53 73840]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-07-03 21:47 98304]
    "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-12-20 16:35 95960]
    "NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59 570664]
    "ccRegVfy"="C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe" [2003-07-15 14:42 60344]
    "ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2003-07-15 14:36 54512]
    "adiras"="adiras.exe" []
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
    "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]
    "00580d11"="C:\WINDOWS\system32\ttpxxueo.dll" [2008-05-26 20:23 116736]
    "BM036b3e8d"="C:\WINDOWS\system32\hkmukcwp.dll" [2008-05-26 21:21 124928]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [2002-08-19 16:07 54888]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegedit"= 0 (0x0)
    "NoFind"= 0 (0x0)
    "NoRun"= 0 (0x0)
    "NoDesktop"= 0 (0x0)
    "NoClose"= 0 (0x0)
    "StartMenuLogOff"= 0 (0x0)
    "HideClock"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{B6E95516-27C0-443D-9BA9-ABD8C12BAE16}"= C:\WINDOWS\system32\efcDustr.dll [2008-05-25 08:05 58368]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcDustr]
    efcDustr.dll 2008-05-25 08:05 58368 C:\WINDOWS\system32\efcDustr.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.3ivx"= 3ivxVfWCodec.dll
    "vidc.3iv2"= 3ivxVfWCodec.dll
    "msacm.divxa32"= divxa32.acm
    "VIDC.HFYU"= huffyuv.dll
    "VIDC.i263"= i263_32.drv
    "msacm.imc"= imc32.acm
    "VIDC.VP31"= vp31vfw.dll
    "VIDC.JPEG"= JpegCode.dll
    "VIDC.MJPG"= JpegCode.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\opnlJAPj

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^DSLMON-9Online.LNK]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\DSLMON-9Online.LNK
    backup=C:\WINDOWS\pss\DSLMON-9Online.LNKCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
    backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
    --a------ 2007-06-11 11:25 6731312 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\Program Files\\Fichiers communs\\Synacast\\SynaLive\\PE.exe"=
    "G:\\Mes Documents 2\\logiciels\\utorrent.exe"=
    "C:\\WINDOWS\\system32\\svchost.exe"=
    "C:\\WINDOWS\\system32\\fxsclnt.exe"=
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\SopCast\\SopCast.exe"=
    "C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
    "C:\\Program Files\\TVAnts\\Tvants.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "8285:TCP"= 8285:TCP:*:Disabled:ppLive
    "3890:UDP"= 3890:UDP:*:Disabled:ppLive
    "9420:TCP"= 9420:TCP:RSP
    "4262:TCP"= 4262:TCP:*:Disabled:ppLive
    "8726:UDP"= 8726:UDP:*:Disabled:ppLive

    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
    "2008-05-26 19:05:44 C:\WINDOWS\Tasks\Symantec NetDetect.job"
    - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-26 21:04:12
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cach‚s ...

    Balayage cach‚ autostart entries ...

    Balayage des fichiers cach‚s ...

    C:\WINDOWS\system32\oeuxxptt.ini 294 bytes

    Scan termin‚ avec succŠs
    Les fichiers cach‚s: 1

    **************************************************************************
    .
    --------------------- DLLs a charg‚ sous des processus courants ---------------------

    PROCESS: C:\WINDOWS\system32\winlogon.exe
    -> C:\WINDOWS\system32\efcDustr.dll

    PROCESS: C:\WINDOWS\explorer.exe
    -> C:\WINDOWS\system32\ttpxxueo.dll
    -> C:\WINDOWS\system32\hkmukcwp.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Fichiers communs\Symantec Shared\CCEVTMGR.EXE
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\IoctlSvc.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Messenger\msmsgs.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-05-26 21:24:03 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-05-26 19:22:54
    ComboFix2.txt 2008-03-02 11:55:13

    Pre-Run: 3,191,320,576 octets libres
    Post-Run: 4,037,763,072 octets libres

    222 --- E O F --- 2008-05-16 19:59:15
    0
  3. cgui33 Messages postés 1176 Statut Membre 10
     
    Re

    Sélectionnes toutes les lignes en gras ci-dessous et ensuite (CTRL+C).

    File::
    C:\WINDOWS\system32\ttpxxueo.dll
    C:\WINDOWS\system32\snbmwiir.dll
    C:\WINDOWS\system32\cxvuawrj.dll
    C:\WINDOWS\system32\qywdrkxo.dll
    C:\WINDOWS\system32\jctfswlm.dll
    C:\WINDOWS\system32\efcDustr.dll

    registry:
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{B6E95516-27C0-443D-9BA9-ABD8C12BAE16}"=-
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{B6E95516-27C0-443D-9BA9-ABD8C12BAE16}"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "00580d11"=-
    "BM036b3e8d"=-


    Ouvre le bloc-note (programme>Accessoire>bloc-note).
    Colle le texte copié dans ce bloc-note (CTRL+V).
    Sauvegarde ce fichier sous le nom de CFScript.txt
    Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe
    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
    Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal!
    Ne touche à rien tant que le scan n'est pas terminé.
    Une fois le scan achevé, un rapport va s'afficher: Poste son contenu.
    Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

    A+ (c'est pas fini !)

    Et Installes un antivirus avant de passer à la suite ... j'ai pas l'impression qu'il existe !!!
    Désinstalles ce qu'il reste de Norton et ensuite :

    Telecharge et installes l'antivirus Antivir Personal Edition Classic :
    https://www.malekal.com/avira-free-security-antivirus-gratuit/
    https://www.avira.com/en/prime
    Tutoriel configuration du scanner...
    http://mickael.barroux.free.fr/securite/antivir.php

    Fais un scan complet de ta machine en mode sans échec a l´aide d´antivir et post le rapport ici stp
    0
    1. fromelh
       
      ComboFix 08-05-25.5 - Propriétaire 2008-05-26 22:19:54.3 - NTFSx86
      Endroit: G:\Downloads\ComboFix.exe
      Command switches used :: C:\Documents and Settings\Propriétaire\Mes documents\CFScript.txt

      [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

      FILE ::
      C:\WINDOWS\system32\cxvuawrj.dll
      C:\WINDOWS\system32\efcDustr.dll
      C:\WINDOWS\system32\jctfswlm.dll
      C:\WINDOWS\system32\qywdrkxo.dll
      C:\WINDOWS\system32\snbmwiir.dll
      C:\WINDOWS\system32\ttpxxueo.dll
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\WINDOWS\BM036b3e8d.xml
      C:\WINDOWS\pskt.ini
      C:\WINDOWS\system32\cxvuawrj.dll
      C:\WINDOWS\system32\efcDustr.dll
      C:\WINDOWS\system32\exnyyssf.exe
      C:\WINDOWS\system32\jctfswlm.dll
      C:\WINDOWS\system32\jPAJlnpo.ini
      C:\WINDOWS\system32\jPAJlnpo.ini2
      C:\WINDOWS\system32\mcrh.tmp
      C:\WINDOWS\system32\opnlJAPj.dll
      C:\WINDOWS\system32\qywdrkxo.dll
      C:\WINDOWS\system32\snbmwiir.dll
      C:\WINDOWS\system32\ttpxxueo.dll
      C:\WINDOWS\system32\upbgolhc.ini

      .
      ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-26 to 2008-05-26 ))))))))))))))))))))))))))))))))))))
      .

      2008-05-26 21:27 . 2008-05-26 21:27 116,736 --a------ C:\WINDOWS\system32\chlogbpu.dll
      2008-05-26 21:21 . 2008-05-26 21:21 124,928 --a------ C:\WINDOWS\system32\hkmukcwp.dll
      2008-05-26 21:08 . 2008-05-26 21:23 354 ---hs---- C:\WINDOWS\system32\oeuxxptt.ini
      2008-05-18 12:51 . 2008-05-18 12:51 54,156 --ah----- C:\WINDOWS\QTFont.qfn
      2008-05-18 12:51 . 2008-05-18 12:51 1,409 --a------ C:\WINDOWS\QTFont.for

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-05-26 20:37 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
      2008-05-26 18:31 --------- d-----w C:\Program Files\Mozilla Thunderbird
      2008-05-26 02:56 --------- d-----w C:\Program Files\eMule
      2008-04-20 21:45 --------- d-----w C:\Program Files\TVAnts
      2008-04-20 21:43 --------- d-----w C:\Program Files\SopCast
      2008-04-19 11:16 --------- d-----w C:\Program Files\FlashGet
      2008-04-17 21:00 --------- d-----w C:\Program Files\MSXML 4.0
      2008-04-17 11:27 --------- d-----w C:\Program Files\NeroInstall.bak
      2008-04-17 11:19 --------- d-----w C:\Program Files\Fichiers communs\Nero
      2008-04-17 11:14 --------- d-----w C:\Program Files\Nero
      2008-04-17 11:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
      2008-04-17 11:03 --------- d-----w C:\Program Files\ahead
      2008-04-17 09:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
      2008-04-07 17:52 --------- d-----w C:\Program Files\AliveMedia
      2008-04-02 17:22 --------- d-----w C:\Program Files\DivX
      2008-04-02 17:09 --------- d-----w C:\Program Files\RecordNow
      2008-04-02 17:02 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
      2008-03-26 18:08 --------- d-----w C:\Program Files\QuickTime
      2008-02-28 15:38 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
      2008-02-26 14:14 972,072 ----a-w C:\WINDOWS\UNRecode.exe
      2005-05-13 16:12 217,073 -csha-r C:\WINDOWS\meta4.exe
      2005-10-24 10:13 66,560 -csha-r C:\WINDOWS\MOTA113.exe
      2005-10-13 20:27 422,400 -csha-r C:\WINDOWS\x2.64.exe
      2004-06-22 19:01 32 --sha-w C:\WINDOWS\{30E27BE1-E96B-4CF4-9C1D-9D57D6FACD33}.dat
      2004-07-19 11:13 56 -csh--r C:\WINDOWS\system32\A392A3D701.sys
      2005-10-07 18:14 308,224 -csha-r C:\WINDOWS\system32\avisynth.dll
      2005-07-14 10:31 27,648 -csha-r C:\WINDOWS\system32\AVSredirect.dll
      2005-06-26 13:32 616,448 -csha-r C:\WINDOWS\system32\cygwin1.dll
      2005-06-21 20:37 45,568 -csha-r C:\WINDOWS\system32\cygz.dll
      2004-01-24 23:00 70,656 -csha-r C:\WINDOWS\system32\i420vfw.dll
      2006-04-27 08:24 2,945,024 -csha-r C:\WINDOWS\system32\Smab.dll
      2005-02-28 11:16 240,128 -csha-r C:\WINDOWS\system32\x.264.exe
      2004-01-24 23:00 70,656 --sha-r C:\WINDOWS\system32\yv12vfw.dll
      2004-06-22 19:01 32 --sha-w C:\WINDOWS\system32\{41D3EBEC-A381-4698-859E-8FE810443017}.dat
      .

      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-24 11:59 68856]
      "SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2006-12-27 16:53 73840]
      "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 17:07 1828136]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "WCOLOREAL"="C:\Program Files\COMPAQ\Coloreal\coloreal.exe" [2002-02-20 20:40 143360]
      "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 23:32 53248]
      "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 22:42 212992]
      "PS2"="C:\WINDOWS\system32\ps2.exe" [2002-07-31 20:28 81920]
      "nwiz"="nwiz.exe" [2003-07-28 14:19 323584 C:\WINDOWS\system32\nwiz.exe]
      "NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2003-07-28 14:19 49152]
      "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-07-28 14:19 4841472]
      "KYE_Showicon"="C:\Program Files\USB Storage RW\shwicon.exe" [2002-10-25 16:33 69632]
      "KBD"="C:\HP\KBD\KBD.EXE" [2001-07-06 21:56 61440]
      "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04 52736]
      "HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-03 22:30 188416]
      "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2002-09-09 08:05 114688]
      "SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2006-12-27 16:53 73840]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-07-03 21:47 98304]
      "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-12-20 16:35 95960]
      "NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59 570664]
      "ccRegVfy"="C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe" [2003-07-15 14:42 60344]
      "ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2003-07-15 14:36 54512]
      "adiras"="adiras.exe" []
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
      "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]
      "00580d11"="C:\WINDOWS\system32\chlogbpu.dll" [2008-05-26 21:27 116736]
      "BM036b3e8d"="C:\WINDOWS\system32\hkmukcwp.dll" [2008-05-26 21:21 124928]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [2002-08-19 16:07 54888]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
      "DisableRegedit"= 0 (0x0)
      "NoFind"= 0 (0x0)
      "NoRun"= 0 (0x0)
      "NoDesktop"= 0 (0x0)
      "NoClose"= 0 (0x0)
      "StartMenuLogOff"= 0 (0x0)
      "HideClock"= 0 (0x0)

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcDustr]
      efcDustr.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "vidc.3ivx"= 3ivxVfWCodec.dll
      "vidc.3iv2"= 3ivxVfWCodec.dll
      "msacm.divxa32"= divxa32.acm
      "VIDC.HFYU"= huffyuv.dll
      "VIDC.i263"= i263_32.drv
      "msacm.imc"= imc32.acm
      "VIDC.VP31"= vp31vfw.dll
      "VIDC.JPEG"= JpegCode.dll
      "VIDC.MJPG"= JpegCode.dll

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^DSLMON-9Online.LNK]
      path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\DSLMON-9Online.LNK
      backup=C:\WINDOWS\pss\DSLMON-9Online.LNKCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
      path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
      backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
      --a------ 2007-06-11 11:25 6731312 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
      C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "AntiVirusOverride"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "C:\\Program Files\\eMule\\emule.exe"=
      "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
      "C:\\Program Files\\Fichiers communs\\Synacast\\SynaLive\\PE.exe"=
      "G:\\Mes Documents 2\\logiciels\\utorrent.exe"=
      "C:\\WINDOWS\\system32\\svchost.exe"=
      "C:\\WINDOWS\\system32\\fxsclnt.exe"=
      "C:\\Program Files\\Internet Explorer\\iexplore.exe"=
      "C:\\Program Files\\Messenger\\msmsgs.exe"=
      "C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
      "C:\\Program Files\\SopCast\\SopCast.exe"=
      "C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
      "C:\\Program Files\\TVAnts\\Tvants.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "8285:TCP"= 8285:TCP:*:Disabled:ppLive
      "3890:UDP"= 3890:UDP:*:Disabled:ppLive
      "9420:TCP"= 9420:TCP:RSP
      "4262:TCP"= 4262:TCP:*:Disabled:ppLive
      "8726:UDP"= 8726:UDP:*:Disabled:ppLive

      R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 09:08]
      S3 packet_2.1;Packet Driver v2.1;C:\WINDOWS\system32\drivers\packet.sys [2000-10-24 16:26]
      S3 PentaxUsb;Pentax Digital Camera on USB;C:\WINDOWS\system32\DRIVERS\CoachUsb.sys [2004-03-17 06:59]
      S3 PentaxVc;Pentax Video Capture;C:\WINDOWS\system32\DRIVERS\CoachVc.sys [2004-03-17 07:00]
      S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys []

      .
      Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
      "2008-05-26 20:39:06 C:\WINDOWS\Tasks\Symantec NetDetect.job"
      - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
      .
      **************************************************************************

      catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-05-26 22:33:14
      Windows 5.1.2600 Service Pack 2 NTFS

      Balayage processus cach‚s ...

      Balayage cach‚ autostart entries ...

      Balayage des fichiers cach‚s ...


      C:\WINDOWS\system32\upbgolhc.ini 294 bytes

      Scan termin‚ avec succŠs
      Les fichiers cach‚s: 1

      **************************************************************************
      .
      --------------------- DLLs a charg‚ sous des processus courants ---------------------

      PROCESS: C:\WINDOWS\explorer.exe
      -> C:\WINDOWS\system32\chlogbpu.dll
      -> C:\WINDOWS\system32\hkmukcwp.dll
      .
      ------------------------ Other Running Processes ------------------------
      .
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      C:\Program Files\Fichiers communs\Symantec Shared\CCEVTMGR.EXE
      C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\system32\IoctlSvc.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\WINDOWS\system32\fxssvc.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      G:\Mes Documents 2\logiciels\utorrent.exe
      G:\Downloads\basic\setup.exe
      C:\Program Files\Messenger\msmsgs.exe
      .
      **************************************************************************
      .
      Temps d'accomplissement: 2008-05-26 22:56:09 - machine was rebooted
      ComboFix-quarantined-files.txt 2008-05-26 20:53:15
      ComboFix2.txt 2008-05-26 19:24:07
      ComboFix3.txt 2008-03-02 11:55:13

      Pre-Run: 3,993,104,384 octets libres
      Post-Run: 3,919,601,664 octets libres

      215 --- E O F --- 2008-05-16 19:59:15
      0
  4. cgui33 Messages postés 1176 Statut Membre 10
     
    Re
    Lorsque tu auras terminé :
    Désinstalles HijackThis
    Puis Réinstalles le dans C:\Hijack !!! et non dans C:\program files\...
    Puis renommes Hijack.exe en azerty.exe
    Relance un System scan And save a Logfle
    Postes le rapport
    Pour info : il manque des lignes (02 et 020) qui devraient apparaitre dans le nouveau rapport.

    A+
    0
    1. fromelh
       
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 23:07:00, on 26/05/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
      C:\WINDOWS\System32\nvsvc32.exe
      C:\WINDOWS\system32\IoctlSvc.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\Program Files\USB Storage RW\shwicon.exe
      C:\HP\KBD\KBD.EXE
      C:\windows\system\hpsysdrv.exe
      C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
      C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\WINDOWS\system32\fxssvc.exe
      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      C:\WINDOWS\system32\Rundll32.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
      C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      G:\Mes Documents 2\logiciels\utorrent.exe
      G:\Downloads\basic\setup.exe
      C:\WINDOWS\explorer.exe
      C:\WINDOWS\system32\msiexec.exe
      C:\HijackThis\Azerty.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
      O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
      O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
      O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
      O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
      O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
      O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
      O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [KYE_Showicon] "C:\Program Files\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"
      O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
      O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
      O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
      O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
      O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
      O4 - HKLM\..\Run: [adiras] adiras.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
      O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
      O4 - HKLM\..\Run: [00580d11] rundll32.exe "C:\WINDOWS\system32\chlogbpu.dll",b
      O4 - HKLM\..\Run: [BM036b3e8d] Rundll32.exe "C:\WINDOWS\system32\hkmukcwp.dll",s
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
      O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O8 - Extra context menu item: &Search - ?p=ZJfox000
      O8 - Extra context menu item: &Télécharger avec NetTransport - G:\Program Files\NetTransport\NTAddLink.html
      O8 - Extra context menu item: Tout t&élécharger avec NetTransport - G:\Program Files\NetTransport\NTAddList.html
      O8 - Extra context menu item: Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
      O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
      O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O15 - Trusted Zone: www.yeak.net
      O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab30149.cab
      O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O16 - DPF: {E15111B0-95AE-4C05-B91F-F4564057990C} (MovieSystem WAY) - http://servicesv4.moviesystem.com/cabs/msway.cab
      O20 - Winlogon Notify: efcDustr - efcDustr.dll (file missing)
      O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
      O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
      O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
      O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
      O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
      0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. cgui33 Messages postés 1176 Statut Membre 10
     
    Re
    OK maintenant installes un antivirus !
    Antivir
    Avast
    ...
    celui que tu veux mais ... il en faut un !!!

    Ensuite reviens demain, il y a des lignes à fixer avec Hijack !
    A+
    0
    1. fromelh
       
      ok. je suis en train d'installer antivir. je posterai un rapport demain midi.
      merci de ton aide.
      0
  7. fromelh
     
    Avira AntiVir Personal
    Report file date: mardi 27 mai 2008 07:45

    Scanning for 1292849 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Boot mode: Normally booted
    Username: SYSTEM
    Computer name: NOM-DACQ0TCL8OY

    Version information:
    BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
    AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:58
    AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:38
    LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:24
    LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:42
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
    ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 13:08:58
    ANTIVIR2.VDF : 7.0.4.53 1848832 Bytes 17/05/2008 22:43:54
    ANTIVIR3.VDF : 7.0.4.95 243712 Bytes 26/05/2008 22:43:55
    Engineversion : 8.1.0.46
    AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:22
    AESCRIPT.DLL : 8.1.0.33 266618 Bytes 26/05/2008 22:44:07
    AESCN.DLL : 8.1.0.18 119156 Bytes 26/05/2008 22:44:07
    AERDL.DLL : 8.1.0.20 418165 Bytes 26/05/2008 22:44:06
    AEPACK.DLL : 8.1.1.5 364918 Bytes 26/05/2008 22:44:06
    AEOFFICE.DLL : 8.1.0.18 192890 Bytes 26/05/2008 22:44:05
    AEHEUR.DLL : 8.1.0.29 1253750 Bytes 26/05/2008 22:44:04
    AEHELP.DLL : 8.1.0.14 115063 Bytes 26/05/2008 22:44:03
    AEGEN.DLL : 8.1.0.21 303477 Bytes 26/05/2008 22:44:02
    AEEMU.DLL : 8.1.0.6 430451 Bytes 26/05/2008 22:44:01
    AECORE.DLL : 8.1.0.29 168311 Bytes 26/05/2008 22:43:57
    AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:54
    AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:52
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:48
    AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:50
    AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:24
    AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:32
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:04
    SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:40
    NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:12
    RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:26
    RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:12

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:, D:, G:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: mardi 27 mai 2008 07:45

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'utorrent.exe' - '1' Module(s) have been scanned
    Scan process 'NMIndexingService.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'NMIndexStoreSvr.exe' - '1' Module(s) have been scanned
    Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
    Scan process 'rundll32.exe' - '1' Module(s) have been scanned
    Scan process 'rundll32.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'fxssvc.exe' - '1' Module(s) have been scanned
    Scan process 'qttask.exe' - '1' Module(s) have been scanned
    Scan process 'SweetIM.exe' - '1' Module(s) have been scanned
    Scan process 'hpztsb07.exe' - '1' Module(s) have been scanned
    Scan process 'hpsysdrv.exe' - '1' Module(s) have been scanned
    Scan process 'kbd.exe' - '1' Module(s) have been scanned
    Scan process 'shwicon.exe' - '1' Module(s) have been scanned
    Scan process 'rundll32.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'IoctlSvc.exe' - '1' Module(s) have been scanned
    Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
    Scan process 'NBService.exe' - '1' Module(s) have been scanned
    Scan process 'guard.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    39 processes with 39 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!
    Master boot sector HD1
    [INFO] No virus was found!
    Master boot sector HD2
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'D:\'
    [INFO] No virus was found!
    Boot sector 'G:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '38' files ).

    Starting the file scan:

    Begin scan in 'C:\' <PRESARIO>
    C:\hiberfil.sys
    [WARNING] The file could not be opened!
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdBreak2.zip
    [DETECTION] Contains suspicious code GEN/PwdZIP
    [NOTE] The fund was classified as suspicious.
    [NOTE] The file was moved to '487da09b.qua'!
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdBreak3.zip
    [DETECTION] Contains suspicious code GEN/PwdZIP
    [NOTE] The fund was classified as suspicious.
    [NOTE] The file was moved to '487da09c.qua'!
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdBreak5.zip
    [DETECTION] Contains suspicious code GEN/PwdZIP
    [NOTE] The fund was classified as suspicious.
    [NOTE] The file was moved to '49dcbf4d.qua'!
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdBreak6.zip
    [DETECTION] Contains suspicious code GEN/PwdZIP
    [NOTE] The fund was classified as suspicious.
    [NOTE] The file was moved to '487da09e.qua'!
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdBreak8.zip
    [DETECTION] Contains suspicious code GEN/PwdZIP
    [NOTE] The fund was classified as suspicious.
    [NOTE] The file was moved to '487da09d.qua'!
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC1.zip
    [DETECTION] Contains suspicious code GEN/PwdZIP
    [NOTE] The fund was classified as suspicious.
    [NOTE] The file was moved to '48a4a0ad.qua'!
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC2.zip
    [DETECTION] Contains suspicious code GEN/PwdZIP
    [NOTE] The fund was classified as suspicious.
    [NOTE] The file was moved to '48a4a0ae.qua'!
    0
    1. fromelh
       
      C:\QooBox\Quarantine\C\WINDOWS\system\smss.exe.vir
      [DETECTION] Is the Trojan horse TR/Proxy.Horst.Gen
      [NOTE] The file was moved to '48aea74a.qua'!
      C:\QooBox\Quarantine\C\WINDOWS\system32\cxvuawrj.dll.vir
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
      [NOTE] The file was moved to '48b1a756.qua'!
      C:\QooBox\Quarantine\C\WINDOWS\system32\mlJDttqn.dll.vir
      [DETECTION] Is the Trojan horse TR/Trash.Gen
      [NOTE] The file was moved to '4885a74b.qua'!
      C:\QooBox\Quarantine\C\WINDOWS\system32\nvsvcd.exe.vir
      [DETECTION] Is the Trojan horse TR/Proxy.Horst.Gen
      [NOTE] The file was moved to '48aea756.qua'!
      C:\QooBox\Quarantine\C\WINDOWS\system32\qywdrkxo.dll.vir
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
      [NOTE] The file was moved to '48b2a75a.qua'!
      C:\QooBox\Quarantine\C\WINDOWS\system32\snbmwiir.dll.vir
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
      [NOTE] The file was moved to '489da74f.qua'!
      C:\SDFix\backups\backups.zip
      [0] Archive type: ZIP
      --> backups/TFTP3640
      [DETECTION] Contains detection pattern of the worm WORM/Rbot.N
      [NOTE] The file was moved to '489ea747.qua'!
      C:\System Volume Information\_restore{3BC31158-8839-4D06-949D-B691773A7526}\RP1366\A0479777.dll
      [DETECTION] Is the Trojan horse TR/Trash.Gen
      [NOTE] The file was moved to '486fa723.qua'!
      C:\System Volume Information\_restore{3BC31158-8839-4D06-949D-B691773A7526}\RP1369\A0479849.dll
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
      [NOTE] The file was moved to '486fa72a.qua'!
      C:\System Volume Information\_restore{3BC31158-8839-4D06-949D-B691773A7526}\RP1369\A0479852.dll
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
      [NOTE] The file was moved to '49f0b7bb.qua'!
      C:\System Volume Information\_restore{3BC31158-8839-4D06-949D-B691773A7526}\RP1369\A0479853.dll
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
      [NOTE] The file was moved to '486fa72b.qua'!
      C:\System Volume Information\_restore{3BC31158-8839-4D06-949D-B691773A7526}\RP1371\A0479919.exe
      [0] Archive type: HIDDEN
      --> FIL\\\?\C:\System Volume Information\_restore{3BC31158-8839-4D06-949D-B691773A7526}\RP1371\A0479919.exe
      [DETECTION] Contains detection pattern of the worm WORM/Rbot.MK
      [NOTE] The file was moved to '486fa730.qua'!
      C:\WINDOWS\system32\hkmukcwp.VIR
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
      [WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
      [WARNING]
      Begin scan in 'D:\' <PRESARIO_RP>
      Begin scan in 'G:\' <Thomas>
      G:\Mes Documents 2\préparé\urzi42tw.jpg
      [DETECTION] Is the Trojan horse TR/Spy.Banker.vk.1
      [NOTE] The file was moved to '48b5edfb.qua'!
      G:\Mes Documents 2\préparé\XC_Fassi3.jpg
      [DETECTION] Is the Trojan horse TR/Spy.Banker.vk.1
      [NOTE] The file was moved to '489aede3.qua'!


      End of the scan: mardi 27 mai 2008 13:28
      Used time: 5:42:28 min

      The scan has been done completely.

      6978 Scanning directories
      411688 Files were scanned
      15 viruses and/or unwanted programs were found
      7 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      21 files were moved to quarantine
      0 files were renamed
      2 Files cannot be scanned
      411673 Files not concerned
      18440 Archives were scanned
      3 Warnings
      21 Notes
      0
  8. cgui33 Messages postés 1176 Statut Membre 10
     
    Salut
    Peux poster un nouveau log Hijack ?
    Merci
    A+
    0
  9. fromelh
     
    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\eMule\emule.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\system32\SearchFilterHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O13 - Gopher Prefix:
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    0
  10. cgui33 Messages postés 1176 Statut Membre 10
     
    Re
    Tu es sûr du rapport ?
    Il est un peu court à mon goût !
    Refais le s'il te plait
    Merci
    A+
    0
    1. fromelh
       
      j'obtiens le meme résultat!
      0
      1. cgui33 Messages postés 1176 Statut Membre 10 > fromelh
         
        Re
        Tu as fais quoi sur ton PC depuis hier après midi ?
        A+
        0
  11. cgui33 Messages postés 1176 Statut Membre 10
     
    Re

    Redémarre en mode sans échec et relance Hijack pour voir ...
    Pour le mode sans échec : redémarre le PC
    AU démarrage tapote sur F8 (ou F5 pour certains PC) tu verras apparaitre un menu sur écran noir
    Choisis le mode sans échec (sans prise en charge réseau)
    Le démarrage de windows sera plus long ... ensuite relance Hijack
    Puis redémarre en mode normal pour poster le rapport
    A+
    0
  12. cgui33 Messages postés 1176 Statut Membre 10
     
    Bonsoir
    Alors ... tu en es où ?
    La moindre des choses serait de répondre ...
    Merci
    A+
    0
  13. fromelh
     
    Le probleme est réapparu, mais mon rapport hijack this est toujours aussi court. Je 'ai pas encoire eu le temps de le faire en sans échec, des que j'ai un peu de temps devant de moi je m'y attèle.
    0
    1. cgui33 Messages postés 1176 Statut Membre 10
       
      Re
      Ce que je ne comprend pas, c'est que depuis ton rapport Hijack du 26 à 23h, normalement,
      tu as simplement installé Antivir et effectué un scan.

      Pourquoi ton rapport du 28 à 22h est-il si court ?
      Et en plus sans entête Hijack :
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 23:07:00, on 26/05/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      As tu essayé autre chose entre temps ?

      A+
      0
  14. fromelh
     
    log d'hijack effectué en mode sans échec

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:58:30, on 01/06/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Safe mode

    Running processes:
    C:\Windows\Explorer.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
    O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
    O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [Microsoft WinUpdate] C:\Windows\system32\mslatest_updt.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Thomas\AppData\Local\Temp\xxYQJyVl.dll,#1
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Thomas\AppData\Local\Temp\ssqnOiHW.dll,c
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O13 - Gopher Prefix:
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    0
    1. cgui33 Messages postés 1176 Statut Membre 10
       
      C'est quoi ce canular !
      On commence en XP SP2 et on en est à VISTA SP1 maintenant !!!!!!!!!!!!

      Il faudrait des explications.
      A+
      0